CVE-2006-4364

MDaemon < 9.0.6 - Heap-Based Buffer Overflow via Long USER or APOP Command

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4364. PoCs published by muts, Leon Juranic.

AI-analyzed exploit summary: This exploit targets a heap overflow vulnerability in MDaemon's pre-authentication USER command. It uses an egghunter and shellcode to achieve remote code execution, specifically a bind shell on port 4444.

Description

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by muts · python · remote · windows
https://www.exploit-db.com/exploits/2258

This exploit targets a heap overflow vulnerability in MDaemon's pre-authentication USER command. It uses an egghunter and shellcode to achieve remote code execution, specifically a bind shell on port 4444.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: MDaemon versions 9.0.5, 7.2.3, 7.2.2, 7.2.1, 7.2.0
No auth needed
Prerequisites: Network access to the MDaemon POP3 service (port 110) · Target running a vulnerable version of MDaemon on an unpatched Windows 2000 SP4 system
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Leon Juranic · perl · dos · windows
https://www.exploit-db.com/exploits/2245

This exploit targets a pre-authentication heap overflow in MDaemon POP3 by sending maliciously crafted USER commands with oversized input. It demonstrates the vulnerability by triggering a crash or potential code execution via heap corruption.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Theoretical
Target: MDaemon POP3 (version not specified)
No auth needed
Prerequisites: Network access to the target POP3 service (port 110)
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2245
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016729
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3361
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28517
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444015/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1446
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19651
Various Sources x_refsource_confirm
http://files.altn.com/MDaemon/Release/RelNotes_en.txt
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21595
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28125

Scores

EPSS 0.5462
EPSS Percentile 98.9%

Details

Status published
Products (44)
alt-n/mdaemon 2.8
alt-n/mdaemon 2.8.5.0
alt-n/mdaemon 2.71_sp1
alt-n/mdaemon 3.0.3
alt-n/mdaemon 3.0.4
alt-n/mdaemon 3.1.1
alt-n/mdaemon 3.1.2
alt-n/mdaemon 3.1_beta
alt-n/mdaemon 3.5.0
alt-n/mdaemon 3.5.1
... and 34 more
Published Aug 27, 2006
Tracked Since Feb 18, 2026